Okta research says slow tech upgrades puts companies at risk

Research from security company Okta is claiming that companies which aren't agile on technology upgrades are putting themselves at risk of cyber-attacks.

Security company Okta claimed today that while most organisations fundamentally believe connecting people to the best technology is vital to business productivity, many struggle to achieve agility in this side of the business due to traditional on-premise security restrictions.

The paper showed that failing to adapt and upgrade security tools is putting organisations at risk – 65 percent of respondents think that a data breach will happen within the next 12 months if they do not upgrade legacy security solutions in time.

Simon Moffatt, EMEA director of advanced customer engineering at ForgeRock, agrees: "I think it's true that companies need to take a much more proactive stance with respect to cyber-security, by having the necessary technological, legal, public relations and customer service response plans in place, for when and not if, a large breach occurs."

The findings are presented inside Okta's first Secure Business Agility report, which is based on data compiled from surveying 300 IT and security professionals – IT professionals not being those on the front line mitigating said breaches.

The company did not specify what kind of data breach would occur, and if there would be a loss of Personally Identifiable Information (PII) involved. This would presumably dictate the impact of the breach, as there would be no notification to regulators, and there would be no financial loss in terms of customers leaving or share price falling.

Nonetheless, David Baker, chief security officer at Okta told SCMagazineUK.com, “In order to be more productive, organisations worldwide are investing in cloud and mobile technologies, enabling their staff to work from virtually anywhere. But this isn't enough to ensure true agility. To successfully navigate the new perimeter and avoid compromising on security and productivity, IT leaders need to adopt tools that span traditional company and network boundaries and enable agility across the organisation.”

The research also showed that organisations are unsure if security is enabling or compromising productivity and agility: just over half (52 percent) said that their current security solutions compromise productivity, while 48 percent believe their security measures enable the organisation to adopt best of breed solutions that enable productivity and agility.

Javvad Malik, security advocate at AlienVault, told SC: “Preventing security breaches is a bit like Zeno's dichotomy paradox, in that it is a constant and ongoing process, which at best you only achieve 50 percent. While updating legacy systems and implementing good security practices while working towards a better security culture are vitally important, there's always a chance that an incident will occur. To that point, the fact that 65 percent of leaders expect to experience a breach is completely understandable.”

Malik explained: “However, security doesn't stop when a breach occurs. One could argue that detecting the breach and responding is where the real security effort takes place and it is where companies need to focus. To quote Mike Tyson, ‘Everyone has a plan until they are punched in the face.' Enterprise security teams need to prepare themselves like boxers that train themselves to get hit. Everyone gets hit – it's the timeliness and the method in which they respond that matters the most.”